Biometric Cons

8/2/2019 Biometric Cons

1/22

Biometrics-Security- Technical,

Privacy, Religious, Ethical Issues

CHIDANANDA.K


2/22

Biometrics

Biometrics is the study

of computerized

methods to identify aperson by their unique

physical or behavioral

characteristics


3/22

Types of Biometrics

Biometrics can be Divided into two classes:

PhysiologicalExamples: fingerprint, face, hand, iris, Retinal

recognition

BehavioralExamples: signature and voice


4/22

Disadvantages

False rejection

False acceptance

One password ever Physical damage

Biometric database compromised

Corrupt matcher

Changed feature set


5/22

Finger Prints

Cons:

Quality of scanning is Highly Variable

1-3% of public do not have suitable fingerprints

Susceptible to spoofing

Social Stigma( Public perception ofCriminality)


6/22

Facial Recognition

Susceptible to aging Lighting and other factors

Susceptible to spoofing

Accuracy is not very High


7/22

Iris & Retinal Scan

Poor Accuracy ( Like Retinopathy, Aging)

Specialized Cameras required

Not a well tested Technology


8/22

Signature & Voice Recognition

Varies with mood, stress and age

Voice susceptible to change due to disease

Intrusive Operator skill required


9/22

Biometrics: How Strong?

Three types of attacks

Trial-and-error attack Classic way of measuring biometric strength

Digital spoofing Transmit a digital pattern that mimics that of a

legitimate users biometric signature

Similar to password sniffing and replay

Biometrics cant prevent such attacks by themselves

Physical spoofing Present a biometric sensor with an image that mimics

the appearance of a legitimate user


10/22

Voluntary finger cloning

1. Select the casting material

Option: softened, free molding plastic (used by Matsumoto)

Option: part of a large, soft wax candle (used by Willis; Thalheim)

2. Push the fingertip into the soft material

3. Let material harden

4. Select the finger cloning material Option: gelatin (gummy fingers used by Matsumoto)

Option: silicone (used by Willis; Thalheim)

5. Pour a layer of cloning material into the mold

6. Let the clone harden

Youre Done!


11/22

Matsumotos Technique


12/22

Making the Actual Clone


13/22

Making a Gummy Finger from a Latent

Print


14/22

Finger Cloning Effectiveness

Willis and Lee could trick 4 of 6 sensors tested in1998 with cloned fingers

Thalheim et al could trick both capacitive andoptical sensors with cloned fingers

Products from Siemens, Cherry, Eutron, Verdicom Latent image reactivation only worked on capacitive

sensors, not on optical ones

Matsumoto tested 11 capacitive and opticalsensors Cloned fingers tricked all of them Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu,

Siemens, Secugen, Ethentica


15/22

We can build physical clones of biometric

features that spoof biometric readers

Matsumoto needed $10 worth of materials and 40

minutes to reliably clone a fingerprint

We can often build clones without the

legitimate users intentional participation


16/22

Ethical & Religious issues

Biometric Technology is nothing but a form of

tattooing at a technological level.

People feel untrustworthy and embarrassed.

Moreover, people claim they're being dehumanized. Personal data used for something other than its

advertised purpose.


17/22

Privacy & Public concern Biometrics erode privacy

Biometric data indicates who you are

Biometric data can be used to steal your identity

Biometrics can be used to link info from various sources

A biometric can be intercepted and used to abet fraud

Biometric information is vulnerable over a network Biometrics can track you wherever you go

Biometrics stored in a database are a threat to personal

privacy

Who can access data

Misuse of personal data

What happens to biometric data after the intended use is over

Security of biometric data assured during transmission and

storage


18/22

Some case studies

Biometric passports hacked Britain

"Vietnamese researchers have cracked the

facial recognition technology used for

authentication in Lenovo, Asus, and Toshiba

laptops


19/22

Aadhaar: on a platform of myths

Myth: Identity theft can be eliminated using

biometrics.

The report of the UIDAI's Biometrics StandardsCommittee actually accepts these concerns as real. Itsreport notes that fingerprint quality, the mostimportant variable for determining de-duplicationaccuracy, has not been studied in depth in the Indiancontext. However, this critical limitation of the

technology has not prevented the government fromleaping into the dark with this project, one whose costwould exceed Rs.50,000 crore.


20/22


It is estimated that approximately five per cent of any

population has unreadable fingerprints, either due to

scars or aging or illegible prints. In the Indianenvironment, experience has shown that the failure

to enrol is as high as 15 per cent due to the

prevalence of a huge population dependent on

manual labour. Cont


21/22


It is said that the greatest enemy of truth is not thelie, but the myth. A democratic government shouldnot undertake a project of the magnitude of Aadhaarfrom a platform of myths. The lesson from the U.K.

experience is that myths perpetrated bygovernments can be exposed through consistentpublic campaigns. India direly needs a masscampaign that would expose the myths behind the

Aadhaar project.(R. Ramakumar is Associate Professor with the Tata

Institute of Social Sciences, Mumbai.)


22/22

Thank you !!

Biometric Cons

Documents

Transcript of Biometric Cons